| { |
| "services": [ |
| { |
| "name": "HDFS", |
| "identities": [ |
| { |
| "name": "hdfs_spnego", |
| "reference": "/spnego", |
| "principal": { |
| "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal" |
| }, |
| "keytab": { |
| "configuration": "hdfs-site/dfs.web.authentication.kerberos.keytab" |
| } |
| }, |
| { |
| "name": "hdfs_smokeuser", |
| "reference": "/smokeuser" |
| } |
| ], |
| "auth_to_local_properties" : [ |
| "core-site/hadoop.security.auth_to_local" |
| ], |
| "configurations": [ |
| { |
| "core-site": { |
| "hadoop.security.authentication": "kerberos", |
| "hadoop.security.authorization": "true", |
| "hadoop.proxyuser.HTTP.groups": "${hadoop-env/proxyuser_group}" |
| } |
| } |
| ], |
| "components": [ |
| { |
| "name": "HDFS_CLIENT", |
| "identities": [ |
| { |
| "name": "hdfs_hdfs_client_hdfs", |
| "reference": "/HDFS/NAMENODE/hdfs" |
| } |
| ] |
| }, |
| { |
| "name": "NAMENODE", |
| "identities": [ |
| { |
| "name": "hdfs", |
| "principal": { |
| "value": "${hadoop-env/hdfs_user}${principal_suffix}@${realm}", |
| "type" : "user" , |
| "configuration": "hadoop-env/hdfs_principal_name", |
| "local_username" : "${hadoop-env/hdfs_user}" |
| }, |
| "keytab": { |
| "file": "${keytab_dir}/hdfs.headless.keytab", |
| "owner": { |
| "name": "${hadoop-env/hdfs_user}", |
| "access": "r" |
| }, |
| "group": { |
| "name": "${cluster-env/user_group}", |
| "access": "" |
| }, |
| "configuration": "hadoop-env/hdfs_user_keytab" |
| } |
| }, |
| { |
| "name": "namenode_nn", |
| "principal": { |
| "value": "nn/_HOST@${realm}", |
| "type" : "service", |
| "configuration": "hdfs-site/dfs.namenode.kerberos.principal", |
| "local_username" : "${hadoop-env/hdfs_user}" |
| }, |
| "keytab": { |
| "file": "${keytab_dir}/nn.service.keytab", |
| "owner": { |
| "name": "${hadoop-env/hdfs_user}", |
| "access": "r" |
| }, |
| "group": { |
| "name": "${cluster-env/user_group}", |
| "access": "" |
| }, |
| "configuration": "hdfs-site/dfs.namenode.keytab.file" |
| } |
| }, |
| { |
| "name": "hdfs_namenode_spnego", |
| "reference": "/spnego", |
| "principal": { |
| "configuration": "hdfs-site/dfs.namenode.kerberos.internal.spnego.principal" |
| } |
| } |
| ], |
| "configurations": [ |
| { |
| "hdfs-site": { |
| "dfs.block.access.token.enable": "true" |
| } |
| } |
| ] |
| }, |
| { |
| "name": "DATANODE", |
| "identities": [ |
| { |
| "name": "datanode_dn", |
| "principal": { |
| "value": "dn/_HOST@${realm}", |
| "type" : "service", |
| "configuration": "hdfs-site/dfs.datanode.kerberos.principal", |
| "local_username" : "${hadoop-env/hdfs_user}" |
| }, |
| "keytab": { |
| "file": "${keytab_dir}/dn.service.keytab", |
| "owner": { |
| "name": "${hadoop-env/hdfs_user}", |
| "access": "r" |
| }, |
| "group": { |
| "name": "${cluster-env/user_group}", |
| "access": "" |
| }, |
| "configuration": "hdfs-site/dfs.datanode.keytab.file" |
| } |
| } |
| ], |
| "configurations" : [ |
| { |
| "hdfs-site" : { |
| "dfs.datanode.address" : "0.0.0.0:1019", |
| "dfs.datanode.http.address": "0.0.0.0:1022" |
| } |
| } |
| ] |
| }, |
| { |
| "name": "SECONDARY_NAMENODE", |
| "identities": [ |
| { |
| "name": "secondary_namenode_nn", |
| "principal": { |
| "value": "nn/_HOST@${realm}", |
| "type" : "service", |
| "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal", |
| "local_username" : "${hadoop-env/hdfs_user}" |
| }, |
| "keytab": { |
| "file": "${keytab_dir}/nn.service.keytab", |
| "owner": { |
| "name": "${hadoop-env/hdfs_user}", |
| "access": "r" |
| }, |
| "group": { |
| "name": "${cluster-env/user_group}", |
| "access": "" |
| }, |
| "configuration": "hdfs-site/dfs.secondary.namenode.keytab.file" |
| } |
| }, |
| { |
| "name": "hdfs_secondary_namenode_spnego", |
| "reference": "/spnego", |
| "principal": { |
| "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal" |
| } |
| } |
| ] |
| }, |
| { |
| "name": "NFS_GATEWAY", |
| "identities": [ |
| { |
| "name": "nfsgateway", |
| "principal": { |
| "value": "nfs/_HOST@${realm}", |
| "type" : "service", |
| "configuration": "hdfs-site/nfs.kerberos.principal", |
| "local_username" : "${hadoop-env/hdfs_user}" |
| }, |
| "keytab": { |
| "file": "${keytab_dir}/nfs.service.keytab", |
| "owner": { |
| "name": "${hadoop-env/hdfs_user}", |
| "access": "r" |
| }, |
| "group": { |
| "name": "${cluster-env/user_group}", |
| "access": "" |
| }, |
| "configuration": "hdfs-site/nfs.keytab.file" |
| } |
| } |
| ] |
| }, |
| { |
| "name": "JOURNALNODE", |
| "identities": [ |
| { |
| "name": "journalnode_jn", |
| "principal": { |
| "value": "jn/_HOST@${realm}", |
| "type" : "service", |
| "configuration": "hdfs-site/dfs.journalnode.kerberos.principal", |
| "local_username" : "${hadoop-env/hdfs_user}" |
| }, |
| "keytab": { |
| "file": "${keytab_dir}/jn.service.keytab", |
| "owner": { |
| "name": "${hadoop-env/hdfs_user}", |
| "access": "r" |
| }, |
| "group": { |
| "name": "${cluster-env/user_group}", |
| "access": "" |
| }, |
| "configuration": "hdfs-site/dfs.journalnode.keytab.file" |
| } |
| }, |
| { |
| "name": "hdfs_journalnode_spnego", |
| "reference": "/spnego", |
| "principal": { |
| "configuration": "hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal" |
| } |
| } |
| ] |
| } |
| ] |
| } |
| ] |
| } |
